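Preface
Following the previous post on deploying a standalone MongoDB instance, this post deploys a MongoDB replica set. A replica set builds on the master-slave replication architecture and supports automatic failover, which removes the need for manual switchover and configuration changes after the primary node fails. Officially, the master-slave architecture is no longer recommended after version 4.0. According to the official description, a replica set consists of at least 3 nodes and the number of nodes must be odd, to prevent split brain during elections. A 3-node deployment has 1 primary node and 2 secondary nodes. If cost and resources are a concern, an arbiter node can take the place of one secondary: the arbiter does not replicate data from the primary, but it does vote in elections.
[Figure: 1 primary, 2 secondaries]
[Figure: 1 primary, 1 secondary, 1 arbiter]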
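Deployment
This setup uses a 1 primary, 1 secondary, 1 arbiter architecture:
primary: 192.168.56.108
secondary: 192.168.56.109
arbiter: 192.168.56.110
Start the 3 mongodb services as described in the previous post:
    mongod -f /etc/mongodb.conf
mongodb.conf is configured as follows (authentication is off by default; comment out auth and keyFile for now):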
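    # Data file storage location
    dbpath = /var/lib/mongo
    # Log file location
    logpath = /var/log/mongodb/mongodb.log
    # Append to the log instead of overwriting it
    logappend = true
    # Run as a daemon
    fork = true
    # Port
    port = 27017
    # Replica set name; must match _id in rsconf below (required for rs.initiate())
    replSet = rs
    # Enable authentication
    #auth = true
    # Key file
    #keyFile = /var/lib/mongo/mongokeyfile
    # Bind IP (0.0.0.0 listens on all interfaces)
    bind_ip = 0.0.0.0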
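Log in on any node and initialize the replica set configuration:
    // First initialize a 1 primary, 1 secondary configuration:
    rsconf = {
      _id : "rs",
      members : [
        {_id : 0, host : "192.168.56.108:27017"},
        {_id : 1, host : "192.168.56.109:27017"}
      ]
    }
    // Initialize
    rs.initiate(rsconf)
    // After initialization succeeds, add the arbiter node:
    rs.addArb("192.168.56.110:27017")
    // Check the replica set status:
    rs.status()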
stateStr: the current role of the node
health: 1 means the node is healthy
    rs:PRIMARY> rs.status()
    {
        "set" : "rs",
        "date" : ISODate("2020-06-18T07:36:56.581Z"),
        "myState" : 1,
        "term" : NumberLong(6),
        "syncingTo" : "",
        "syncSourceHost" : "",
        "syncSourceId" : -1,
        "heartbeatIntervalMillis" : NumberLong(2000),
        "majorityVoteCount" : 2,
        "writeMajorityCount" : 2,
        "optimes" : {
            "lastCommittedOpTime" : { "ts" : Timestamp(1592465808, 1), "t" : NumberLong(6) },
            "lastCommittedWallTime" : ISODate("2020-06-18T07:36:48.738Z"),
            "readConcernMajorityOpTime" : { "ts" : Timestamp(1592465808, 1), "t" : NumberLong(6) },
            "readConcernMajorityWallTime" : ISODate("2020-06-18T07:36:48.738Z"),
            "appliedOpTime" : { "ts" : Timestamp(1592465808, 1), "t" : NumberLong(6) },
            "durableOpTime" : { "ts" : Timestamp(1592465808, 1), "t" : NumberLong(6) },
            "lastAppliedWallTime" : ISODate("2020-06-18T07:36:48.738Z"),
            "lastDurableWallTime" : ISODate("2020-06-18T07:36:48.738Z")
        },
        "lastStableRecoveryTimestamp" : Timestamp(1592452427, 1),
        "lastStableCheckpointTimestamp" : Timestamp(1592452427, 1),
        "electionCandidateMetrics" : {
            "lastElectionReason" : "electionTimeout",
            "lastElectionDate" : ISODate("2020-06-18T07:36:18.669Z"),
            "electionTerm" : NumberLong(6),
            "lastCommittedOpTimeAtElection" : { "ts" : Timestamp(0, 0), "t" : NumberLong(-1) },
            "lastSeenOpTimeAtElection" : { "ts" : Timestamp(1592463353, 1), "t" : NumberLong(5) },
            "numVotesNeeded" : 2,
            "priorityAtElection" : 1,
            "electionTimeoutMillis" : NumberLong(10000),
            "numCatchUpOps" : NumberLong(0),
            "newTermStartDate" : ISODate("2020-06-18T07:36:18.721Z"),
            "wMajorityWriteAvailabilityDate" : ISODate("2020-06-18T07:36:18.724Z")
        },
        "members" : [
            {
                "_id" : 0,
                "name" : "192.168.56.108:27017",
                "health" : 1,
                "state" : 1,
                "stateStr" : "PRIMARY",
                "uptime" : 49,
                "optime" : { "ts" : Timestamp(1592465808, 1), "t" : NumberLong(6) },
                "optimeDate" : ISODate("2020-06-18T07:36:48Z"),
                "syncingTo" : "",
                "syncSourceHost" : "",
                "syncSourceId" : -1,
                "infoMessage" : "could not find member to sync from",
                "electionTime" : Timestamp(1592465778, 1),
                "electionDate" : ISODate("2020-06-18T07:36:18Z"),
                "configVersion" : 2,
                "self" : true,
                "lastHeartbeatMessage" : ""
            },
            {
                "_id" : 1,
                "name" : "192.168.56.109:27017",
                "health" : 1,
                "state" : 2,
                "stateStr" : "SECONDARY",
                "uptime" : 42,
                "optime" : { "ts" : Timestamp(1592465808, 1), "t" : NumberLong(6) },
                "optimeDurable" : { "ts" : Timestamp(1592465808, 1), "t" : NumberLong(6) },
                "optimeDate" : ISODate("2020-06-18T07:36:48Z"),
                "optimeDurableDate" : ISODate("2020-06-18T07:36:48Z"),
                "lastHeartbeat" : ISODate("2020-06-18T07:36:54.769Z"),
                "lastHeartbeatRecv" : ISODate("2020-06-18T07:36:56.257Z"),
                "pingMs" : NumberLong(0),
                "lastHeartbeatMessage" : "",
                "syncingTo" : "192.168.56.108:27017",
                "syncSourceHost" : "192.168.56.108:27017",
                "syncSourceId" : 0,
                "infoMessage" : "",
                "configVersion" : 2
            },
            {
                "_id" : 2,
                "name" : "192.168.56.110:27017",
                "health" : 1,
                "state" : 7,
                "stateStr" : "ARBITER",
                "uptime" : 38,
                "lastHeartbeat" : ISODate("2020-06-18T07:36:54.770Z"),
                "lastHeartbeatRecv" : ISODate("2020-06-18T07:36:56.257Z"),
                "pingMs" : NumberLong(0),
                "lastHeartbeatMessage" : "",
                "syncingTo" : "",
                "syncSourceHost" : "",
                "syncSourceId" : -1,
                "infoMessage" : "",
                "configVersion" : 2
            }
        ],
        "ok" : 1,
        "$clusterTime" : {
            "clusterTime" : Timestamp(1592465808, 1),
            "signature" : {
                "hash" : BinData(0,"OZWoT9nh8pw/Sn0/Fw0mjPq6vR0="),
                "keyId" : NumberLong("6839133530753073155")
            }
        },
        "operationTime" : Timestamp(1592465808, 1)
    }
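Enabling access control
The replica set above has no authentication enabled, so it is not suitable for a production MongoDB deployment. The official documentation provides two authentication methods: keyfile and x.509. This post configures keyfile as the example.
Create the superuser sysadmin on the primary node: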
    use admin
    db.createUser(
      {
        user: "sysadmin",
        pwd: passwordPrompt(),
        roles: [ 'clusterAdmin', 'dbAdminAnyDatabase', 'userAdminAnyDatabase', 'readWriteAnyDatabase' ]
      }
    )
Stop the service on all nodes:
    systemctl stop mongodb.service
    # or kill the mongod process
Create the keyfile:
    openssl rand -base64 756 > /var/lib/mongo/mongokeyfile
    chmod 600 /var/lib/mongo/mongokeyfile
Once it is created, copy the key to the same path on the other members of the replica set, then uncomment auth and keyFile in mongodb.conf and restart the mongod service.
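A pre-restart check for the keyfile steps above, as an added example that is not part of the original post: it confirms that auth and keyFile are uncommented in the legacy-format mongodb.conf, that the keyfile has no group or other permissions and holds 6 to 1024 base64 characters (the constraints mongod enforces), and prints a fingerprint to compare across members. The script and its function names are assumptions made for illustration; the key used when it runs without an argument is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit keyfile auth before restart.

# keyfile_ok PATH -> 0 if no group/other permissions and 6-1024 base64 chars
keyfile_ok() {
    local f=$1 mode body
    [ -f "$f" ] || { echo "missing keyfile: $f"; return 1; }
    mode=$(ls -ld "$f" | cut -c5-10)       # group and other permission bits
    [ "$mode" = "------" ] || { echo "keyfile too open: $f"; return 1; }
    body=$(tr -d '[:space:]' < "$f")       # mongod ignores whitespace in the key
    case $body in
        *[!A-Za-z0-9+/=]*) echo "non-base64 characters in $f"; return 1 ;;
    esac
    if [ "${#body}" -lt 6 ] || [ "${#body}" -gt 1024 ]; then
        echo "key length ${#body} outside 6-1024"; return 1
    fi
}

# conf_value FILE KEY -> value of the last uncommented "KEY = value" line
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# conf_ok FILE -> 0 if auth and keyFile are active and the keyfile passes
conf_ok() {
    local kf
    [ "$(conf_value "$1" auth)" = "true" ] || { echo "auth not enabled"; return 1; }
    kf=$(conf_value "$1" keyFile)
    [ -n "$kf" ] || { echo "keyFile is commented out or missing"; return 1; }
    keyfile_ok "$kf"
}

# keyfile_fingerprint PATH -> SHA-256 of the key; must be identical on every member
keyfile_fingerprint() {
    tr -d '[:space:]' < "$1" | sha256sum | cut -d' ' -f1
}

# With a config path: audit it. Without: self-check on constructed files.
if [ "$#" -gt 0 ]; then
    conf_ok "$1" && keyfile_fingerprint "$(conf_value "$1" keyFile)"
else
    d=$(mktemp -d)
    printf 'QUJDREVGR0hJSktMTU5PUA==\n' > "$d/key"; chmod 600 "$d/key"  # constructed key
    printf 'auth = true\nkeyFile = %s\n' "$d/key" > "$d/conf"
    conf_ok "$d/conf" && keyfile_fingerprint "$d/key"; rm -rf "$d"
fi
```

Run it with the config path on each member and compare the printed fingerprints; a mismatch means the keyfile was not copied intact.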
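After logging in with mongo again, running rs.status() reports that authorization is required.
After authenticating, operations work normally:
    use admin
    db.auth('sysadmin','123456')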